US11811790B2 - Anti-phishing system - Google Patents

Anti-phishing system Download PDF

Info

Publication number
US11811790B2
US11811790B2 US16/618,115 US201916618115A US11811790B2 US 11811790 B2 US11811790 B2 US 11811790B2 US 201916618115 A US201916618115 A US 201916618115A US 11811790 B2 US11811790 B2 US 11811790B2
Authority
US
United States
Prior art keywords
file
storage device
mode
phishing attack
backup
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US16/618,115
Other languages
English (en)
Other versions
US20210336970A1 (en
Inventor
Jong Hyun Woo
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NAMUSOFT Co Ltd
Original Assignee
NAMUSOFT Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NAMUSOFT Co Ltd filed Critical NAMUSOFT Co Ltd
Publication of US20210336970A1 publication Critical patent/US20210336970A1/en
Assigned to NAMUSOFT CO., LTD reassignment NAMUSOFT CO., LTD ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: WOO, JONG HYUN
Priority to US18/086,716 priority Critical patent/US20230132303A1/en
Priority to US18/376,442 priority patent/US12113813B2/en
Application granted granted Critical
Publication of US11811790B2 publication Critical patent/US11811790B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1446Point-in-time backing up or restoration of persistent data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/80Database-specific techniques
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/825Indexing scheme relating to error detection, to error correction, and to monitoring the problem or solution involving locking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1095Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Definitions

  • the present invention relates to a method and a system for blocking a ransomware or phishing attack.
  • the phishing refers to an attack that seizes account information or electronic certificates, key data, and the like existing in a user terminal due to attacks that leak data stored in the user terminal.
  • the ransomware is an attack technique that requires money after encrypting the data stored in the user terminal or kept in a connected network storage so as to prevent a user from accessing the data.
  • the present invention has been made in an effort to solve the above-described problems associated with prior art and to provide a method and a system for blocking a ransomware attack for a server capable of safely managing data stored in the server and backup data from ransomware by a low-price and easy method without separate server manager.
  • Another object of the present invention is to provide a method and a system blocking a phishing attack from the outside to lose data of a user terminal or a service server.
  • a system for blocking a ransomware attack as a system for a server for blocking a ransomware attack
  • a backup storage device which has a purpose for backing up the stored data in a server as a separate storage device which is physically independent from the server and includes a communication interface to enable a communication access to the server; and a service agent which is installed in the server to mediate the communication with the backup storage device, wherein while the backup storage device is storage-mounted on the server, after the data backup to the backup storage device for the storage data in the server is performed, when there is the lock command for the backup data backed up in the backup storage device, the backup storage device locks the corresponding backup data according to the lock command to process the locked backup data to be provided only in an uncorrectable read-only mode.
  • the data backup to the backup storage device may be processed only when the backup command for the storage data in the server is made, and when the service agent transmits the backup command received to the server to the backup storage device and the backup storage device may back up the corresponding storage data according to the received backup command.
  • the backup storage device may confirm whether target data of the data correction command relates to the locked backup data, and when the target data is confirmed as the data correction command for the locked backup data, the backup storage device may reject the corresponding data correction command.
  • the backup storage device may reject the data correction command for the corresponding backup data received from the different storage device and process the corresponding backup data to be provided only in the read-only mode.
  • the backup storage device may include a hardware switch or a software switch for unlocking the locked state set in the backup data, and even in the case where the unlock command for the locked backup data is transmitted through the service agent, when switching to the unlocked state is not performed through an operating switching of the hardware switch or the software switch, the unlock command may be rejected.
  • the backup storage device may release the read-only mode for the backup data according to the locked state to switch the corresponding backup data into a data correctable state.
  • the switching to the unlocked state may select any one of a batch unlock mode performed for the entire backup data in the backup storage device and a selective unlock mode performed only for the requested backup data.
  • a system for blocking a phishing attack comprising: a phishing attack prevention storage device; and an agent program which is installed in a user terminal or a service server and performs an interworking operation with the phishing attack prevention storage device when the user terminal or the service server is connected with the phishing attack prevention storage device via a network and a storage area in the phishing attack prevention storage device is mounted in a network drive form.
  • the phishing attack prevention storage device may check a storage operation mode and create a fake file other than the open-requested original file when the storage operation mode corresponds to a list-only mode to return the fake file to the user terminal or the service server.
  • the fake file may have the same file capacity as an original file to be open-requested, and a file text may be filled with a null value or an unknown value.
  • the agent program may provide selection information to enable a user to select switching to an edit mode or termination of the edit mode with respect to a folder or file stored in the phishing attack prevention storage device mounted on the user terminal or the service server in a network drive format, and request a release of the list-only mode to the phishing attack prevention storage device when the file open request corresponds to an edit mode open request according to the switching to the edit mode.
  • the phishing attack prevention storage device may release the list-only mode according to the edit mode open request and allow the open-requested original file to be provided to the user terminal or the service server.
  • the agent program may request a release of the list-only mode to the phishing attack prevention storage device when there is a release request of the list-only mode according to a pre-registered mode from the user terminal or the service server.
  • the phishing attack prevention storage device may allow the open-requested original file to be provided to the user terminal or the service server according to the release request of the list-only mode.
  • the release of the list-only mode may be executed through an authority's authentication by an authentication device pre-registered from the user.
  • a storage device for phishing prevention which is operable in a list-only mode according to a security policy as a separate storage device which is connected with the user terminal or the service server via a network, but is physically independent.
  • FIG. 1 is a diagram showing a process of storage-mounting a backup storage device on a server in a system for a server for blocking a ransomware attack according to an embodiment of the present invention
  • FIG. 2 is a diagram showing a process of backing-up and locking the data by the backup storage device in the system for the server for blocking the ransomware attack according to the embodiment of the present invention
  • FIG. 3 is a diagram showing a process of releasing the lock by the backup storage device in the system for the server for blocking the ransomware attack according to the embodiment of the present invention
  • FIG. 4 is a diagram for describing a list-only mode as a basic process according to a method and a system for preventing a phishing attack according to an embodiment of the present invention
  • FIG. 5 is a diagram for describing a method for opening a file in an editable state by releasing the list-only mode according to an embodiment of the present invention
  • FIG. 6 is a diagram for describing a method for performing additional authentication in the process of releasing the list-only mode according to an embodiment of the present invention
  • FIG. 7 is a screen example for a case where a user switches a specific file to ‘edit mode open’ or ‘edit mode switching’ after mounting a storage space of a storage device for preventing a phishing attack in a window explorer in a network drive;
  • FIG. 8 is an execution screen example capable of transmitting an edit mode termination command when the edit mode of FIG. 7 is released.
  • FIGS. 1 to 3 a system for a server for blocking a ransomware attack will be described (see FIGS. 1 to 3 ).
  • program-based read-only storage is a technology in which when whether the program is a program authorized on a file protection policy is determined, if there is the authorized program, the correction of the file is enabled, and if not, the program operates only in a read-only mode.
  • a program-based read-only storage implementation method since commands and responses are basically performed by a file unit, a read-only file is provided by a file unit.
  • a program-based read-only storage implementation method has the following weak points.
  • the file creation time-based read-only storage implementation method in some cases, the following security vulnerability is shown. That is, although a file having a small size (capacity) of the file uploaded in the file creation process is not a problem, in the case of a backup of a file having a large size, the file creation effective time range needs to be increased, but if the time is opened too long, a possibility to be exposed to an external attack may be increased for the time. For example, in the case of the backup, in order to enhance the storage efficiency, the large-sized file is not backed up by one file unit, but is bound and backed up into one file with a Tar or ZIP format, and if the file size is too large, a correctable time of the file needs to be sufficiently much given.
  • a “command-based read-only storage” implementation method is provided.
  • Such a command-based read-only storage implementation method is executed by a backup command, a lock command, and an unlock command, and at this time, the backup/lock/unlock may be operated by a file unit and may be operated by a folder unit. Accordingly, even in the case where there is a correction request for a specific file, when a folder (extended to a higher folder of the corresponding folder) storing the corresponding file is in a locked state according to a path of the corresponding file, the correction request for the corresponding file is rejected.
  • These backup/lock/unlock commands may use a command structure in accordance with the following commands by the Linux operating system.
  • OTP one-time password
  • the backup data may be changed into a read-only mode by locking all files and folders below a specific folder by a very simple console command.
  • the command-based read-only storage implementation method generally, when the file is required to a mounted drive, a folder path storing the file is included in the corresponding request.
  • a correction request is limited based on the file and the folder path, there is an advantage of omitting management for unnecessary metadata for each file (a difference between the creation time and a current request time in the case of the creation time-based read-only storage implementation method described above, and attribution information, a fingerprint value, etc. of the corresponding program in the case of the program-based read-only storage implementation method described above).
  • a system for blocking a ransomware attack includes a backup storage device (see “mega storage” of FIGS. 1 to 3 , same as below) which has a purpose for backing up the stored data in a server as a separate storage device which is physically independent from the server and includes a communication interface to enable a communication access to the server; and a service agent (see “mega connector” of FIGS. 1 to 3 , same as below) which is installed in the server to mediate the communication with the backup storage device.
  • a backup storage device see “mega storage” of FIGS. 1 to 3 , same as below
  • a service agent see “mega connector” of FIGS. 1 to 3 , same as below
  • the backup storage device provides the same environment as a general storage which is connectable via a network or directly. That is, like a general storage connected by NAS, DAS, SAN, etc., the backup storage device provides mount/unmount and provides an I/O of an operating system as it is so that there is no problem when various backup utilities and tools such as rsync are operated.
  • a service agent may be installed to be driven in a service level of the operating system in the installation step or driven at any location by registering a program execution environment pass of the operating system.
  • the backup storage device while the backup storage device is storage-mounted on the server, after the data backup to the backup storage device for the storage data in the server is performed, when there is the lock command for the backup data backed up in the backup storage device, the backup storage device locks the corresponding backup data according to the lock command to process the locked backup data to be provided only in an uncorrectable read-only mode.
  • the data backup to the backup storage device may be processed only when the backup command for the storage data in the server is made, and when the service agent transmits the backup command received to the server to the backup storage device and the backup storage device may back up the corresponding storage data according to the received backup command.
  • FIG. 1 is a diagram showing a process of storage-mounting a backup storage device on a server in a system for a server for blocking a ransomware attack according to an embodiment of the present invention.
  • the backup storage device refers to a device or server device in which an actual storage device is built-in and a hybrid WORM program is mounted, and the service agent (mega connector) is a module installed in a customer service server to communicate with the backup storage device (mega storage).
  • a user needs to mount the backup storage device (mega storage) to back up the data of its own service server.
  • a mount request of the user is received and processed by the service agent (mega connector), and various I/Os of the operating system related to a storage mount are processed through the backup storage device (mega storage) and then the service agent (mega connector) returns the result to the operating system.
  • FIG. 1 an example in which the backup storage device (mega storage) is mounted on a new folder called backup below a folder called /media.
  • the backup storage device (mega storage) is mounted on a new folder called backup below a folder called /media.
  • FIG. 2 is a diagram showing a process of backing up and locking data by the backup storage device.
  • the backup storage device when the data correction command received from the server is transmitted from the service agent, the backup storage device confirms whether target data of the data correction command relates to the locked backup data, and when the target data is confirmed as the data correction command for the locked backup data, the backup storage device rejects the corresponding data correction command.
  • the backup storage device (mega storage) locks the corresponding folder and thereafter, operates only in a read-only mode (see FIGS. 2 B and 2 C ).
  • the folder of /media/backup/websource/20180101 may be created with a command such as mkdir in the case of the Linux operating system.
  • information on the locked folders may be stored in a non-volatile memory (such as a database, etc.) of the backup storage device (mega storage), and thus the data may be maintained even if the power supply to the backup storage device is interrupted.
  • a non-volatile memory such as a database, etc.
  • the data correction requests (e.g., a write file, a modify file, a move file, a delete file, etc.) for /media/backup/websource/20180101 all are rejected by the user or any processor including ransomware.
  • the backup storage device rejects the data correction command for the corresponding backup data received from the different storage device and may process the corresponding backup data to be provided only in the read-only mode.
  • information on the locked folders is set to a storage reference path (/websource/20180101 in an example of FIG. 1 ) of the backup storage device (mega storage), and even though the backup storage device is mounted on another path (e.g., /media/data) of another device, /media/data/websource/20180101 may still be implemented accessibly only in the read-only mode.
  • FIG. 3 is a diagram showing a process of performing the unlocking by the backup storage device.
  • the backup storage device may include a hardware switch (e.g., a hardware button for locking and unlocking provided in the backup storage device) or a software switch for unlocking the locked state set in the backup data. Accordingly, even in the case where the unlock command for the locked backup data is transmitted through the service agent, when switching to the unlocked state is not performed through an operating switching of the hardware switch or the software switch, the unlock command may be rejected (see FIG. 3 D ).
  • a hardware switch e.g., a hardware button for locking and unlocking provided in the backup storage device
  • a software switch for unlocking the locked state set in the backup data. Accordingly, even in the case where the unlock command for the locked backup data is transmitted through the service agent, when switching to the unlocked state is not performed through an operating switching of the hardware switch or the software switch, the unlock command may be rejected (see FIG. 3 D ).
  • the backup storage device releases the read-only mode for the backup data according to the locked state to switch the backup data into a data correctable state (see FIGS. 3 E and 3 F ).
  • the switching to the unlocked state is able to select any one of a batch unlock mode performed for the entire backup data in the backup storage device and a selective unlock mode performed only for the requested backup data.
  • the present invention basically, once-locked folders and files and folders therebelow are accessible only in the read-only mode and may be implemented so that any unlocking is impossible by the user.
  • a writable area of the backup storage device (mega storage) is continuously decreased.
  • an unlocking function is given to reuse the storage, and in the backup storage device (mega storage) of the present invention, the unlocking is performed by an operation of turning off the hardware switch (physical switch (protect switch)) or the software switch.
  • the corresponding switch the protect switch
  • a specific folder is able to be unlocked or the entire backup storage device (mega storage) is able to be unlocked.
  • an on/off mode that is, lock and unlock
  • OTP one time password
  • the locking of the backup storage device may be performed by a mode executed (that is, changed to a read-only mode) only when a pre-specified lock command (ex. a lock command using a freeze command) needs to be input manually, but may be automatically executed according to a predetermined condition.
  • a pre-specified lock command (ex. a lock command using a freeze command) needs to be input manually, but may be automatically executed according to a predetermined condition.
  • a C function creating an I/O event closing a file handle according to the Linux/Unix OS, a C function below may be representatively used.
  • the I/O event closing the file handle occurs, and the event is transmitted to a file system.
  • the I/O may be detected by a callback file system (file system driver), and in the Linux, the I/O may be detected by FUSE.
  • file handles forcibly opened by the OS are closed, and at this time, the same event I/O occurs.
  • the functions described above are functions used in the C language, and functions closing the file handle are present separately for each language.
  • the corresponding functions generate events to close the file handle to all file systems.
  • the method for only reading or not the data stored in the backup storage device by a folder unit by the on/off selection using the hardware switch and the like is mainly described.
  • a method of automatically changing the data to the read-only mode by detecting the termination event of the file is adopted, and while the hardware switch or the like is turned on, even in the case where there is an initialization command of the corresponding disk, a method in which the initialization of the disk is not operated may also be applied.
  • FIGS. 4 to 8 As a second technical object of the present invention, a system for blocking a phishing attack will be described (see FIGS. 4 to 8 ).
  • the method for storing the files separately in the security storage area and the method of allowing the file edition only by the authorized program have a weak point of extorting and simultaneously neutralizing an admin account of the operating system.
  • the hacker watches the corresponding input/output commands and then extorts a fingerprint value and the like of the authorized program and performs a replay attack (that is, an attack in which a hacking program is the same name as the authorized program and disguised like a normal program by transmitting the extorted fingerprint value to the backup server) to neutralize a security mode of the above technology.
  • the method is strong to the ransomware attack, but the data is able to be leaked by a method of capturing contents of the files opened in the read-only mode, and thus there is a possibility to be neutralized to the phishing attack.
  • a method capable of improving the weak points described above and preventing the data leakage by the phishing attack by using a separate storage device hereinafter, referred to as a phishing attack prevention storage device
  • a phishing attack prevention storage device basically operating as a “list-only mode” and physically independent.
  • FIG. 4 is a diagram for describing a list-only mode as a basic process according to a method and a system for preventing a phishing attack according to an embodiment of the present invention.
  • the file explorer executes a basic program (e.g., a basic program WINWORD.EXE to process an extension docx) to process the corresponding file extension and then transmits file information.
  • the basic program is transmitted to the phishing attack prevention storage device (hereinafter, referred to as a filing box mini device) through an agent program (hereinafter, referred to as a filing box mini application or requesting a file read by the operating system and operating as a file system driver.
  • the filing box mini device checks a list-only mode of the requested file to return fake data (in the case of the list-only mode) and provide the fake data to the basic program. Accordingly, the user finally watches document having the fake data or confirms errors generated by the basic program due to the fake data.
  • the fake file has the same file capacity as an original file to be open-requested, and a file text may be filled with a null value or an unknown value which cannot determine any meanings.
  • FIG. 5 is a diagram for describing a method for opening a file in an editable state by releasing the list-only mode according to an embodiment of the present invention.
  • the file explorer After the user selects a specific file in the file explorer, the user clicks a right-side mouse button to pop-up a context menu of a shell extension of the file explorer. Thereafter, when the user selects a menu of ‘open to edit mode’, the file explorer requests a list-only mode release of the corresponding file to the filing box mini application and the filing box mini application allows the request to be performed to the filing box mini device.
  • the file explorer executes the basic program to process the extension of the corresponding file and then transmits the file information, and the basic program reads and processes the original data from the filing box mini device through the operating system and the filing box mini application.
  • FIG. 6 is a diagram for describing a method for performing additional authentication in the process of releasing the list-only mode according to an embodiment of the present invention.
  • the user needs to first register a user's own OTP device (a mobile, etc.) to the filing box mini device once.
  • the user requests a device registration together with user's own ID through the filing box mini application and the filing box mini device receiving the request requests creation and registration of a new TOTP parameter to be used in the corresponding user's ID to an internal device authentication unit. Normally, the TOTP parameter registered in the device authentication unit is transmitted to the filing box mini application to be exposed to the user.
  • the initial OTP device registration process is completed.
  • the filing box mini application inquires an authentication policy from the filing box mini device to recognize that the OTP authentication is required and requests a TOTP value to the user.
  • the user obtains the TOTP value from the user's own OTP device to provide the obtained TOTP value to the filing box mini device and the filing box mini device receiving the value requests the authentication to the internal device authentication unit.
  • the filing box mini device releases the list-only mode of the corresponding file to change the file to a usable state.
  • FIG. 7 is a screen example for a case where a user switches a specific file to ‘edit mode open’ or ‘edit mode switching’ after mounting a storage space of a storage device for preventing a phishing attack in a window explorer in a network drive
  • FIG. 8 is an execution screen example capable of transmitting an edit mode termination command when the edit mode of FIG. 7 is released.
  • processing such as the switching to the edit mode or/and the termination of the edit mode may also be performed per unit file, but in some cases, the processing such as the switching to the edit mode or/and the termination of the edit mode may be simultaneously performed in a plurality of files within a required range or a set range in driving the file.
  • the processing such as the switching to the edit mode or/and the termination of the edit mode may be simultaneously performed in a plurality of files within a required range or a set range in driving the file.
  • reference files having sub folders need to be simultaneously accessed and used as in the case of CAD or a software development tool, even by switching to the edit mode/termination manipulation of the edit mode for any one file, all corresponding sub folders or reference files in the sub folder associated therewith will be enabled to be switched to the edit mode/ended.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Quality & Reliability (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)
US16/618,115 2019-11-27 2019-11-27 Anti-phishing system Active 2041-05-26 US11811790B2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US18/086,716 US20230132303A1 (en) 2019-11-27 2022-12-22 System for blocking a ransomware attack
US18/376,442 US12113813B2 (en) 2019-11-27 2023-10-04 Anti-phishing system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/KR2019/016426 WO2021107177A1 (ko) 2019-11-27 2019-11-27 랜섬웨어 또는 피싱 공격 차단 방법 및 시스템

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2019/016426 A-371-Of-International WO2021107177A1 (ko) 2019-11-27 2019-11-27 랜섬웨어 또는 피싱 공격 차단 방법 및 시스템

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US18/086,716 Division US20230132303A1 (en) 2019-11-27 2022-12-22 System for blocking a ransomware attack
US18/376,442 Continuation US12113813B2 (en) 2019-11-27 2023-10-04 Anti-phishing system

Publications (2)

Publication Number Publication Date
US20210336970A1 US20210336970A1 (en) 2021-10-28
US11811790B2 true US11811790B2 (en) 2023-11-07

Family

ID=76130612

Family Applications (3)

Application Number Title Priority Date Filing Date
US16/618,115 Active 2041-05-26 US11811790B2 (en) 2019-11-27 2019-11-27 Anti-phishing system
US18/086,716 Abandoned US20230132303A1 (en) 2019-11-27 2022-12-22 System for blocking a ransomware attack
US18/376,442 Active US12113813B2 (en) 2019-11-27 2023-10-04 Anti-phishing system

Family Applications After (2)

Application Number Title Priority Date Filing Date
US18/086,716 Abandoned US20230132303A1 (en) 2019-11-27 2022-12-22 System for blocking a ransomware attack
US18/376,442 Active US12113813B2 (en) 2019-11-27 2023-10-04 Anti-phishing system

Country Status (5)

Country Link
US (3) US11811790B2 (ko)
JP (2) JP7489672B2 (ko)
KR (3) KR20240104106A (ko)
CN (2) CN114080782B (ko)
WO (1) WO2021107177A1 (ko)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20180088551A (ko) 2017-01-26 2018-08-06 삼성디스플레이 주식회사 표시 장치
US11509691B2 (en) * 2020-05-15 2022-11-22 Paypal, Inc. Protecting from directory enumeration using honeypot pages within a network directory
US12105596B2 (en) * 2021-07-06 2024-10-01 Cyntegra Ltd Securely backing up and restoring a computer system using a trusted OS
KR102623168B1 (ko) * 2022-06-17 2024-01-10 (주)나무소프트 데이터 보호 시스템

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040210796A1 (en) * 2001-11-19 2004-10-21 Kenneth Largman Computer system capable of supporting a plurality of independent computing environments
US20130263226A1 (en) * 2012-01-22 2013-10-03 Frank W. Sudia False Banking, Credit Card, and Ecommerce System
US20140068270A1 (en) * 2011-05-20 2014-03-06 Gurudatt Shenoy Systems And Methods For Device Based Secure Access Control Using Encryption
WO2017014823A2 (en) * 2015-05-04 2017-01-26 Hasan Syed Kamran Method and device for managing security in a computer network
US20170076096A1 (en) * 2015-09-15 2017-03-16 The Johns Hopkins University Apparatus and Method for Preventing Access by Malware to Locally Backed Up Data
KR20180016937A (ko) * 2016-08-08 2018-02-20 (주)나무소프트 피싱 또는 랜섬웨어 공격을 차단하는 방법 및 시스템
US20180203997A1 (en) * 2017-01-19 2018-07-19 International Business Machines Corporation Protecting backup files from malware

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7953913B2 (en) * 2008-04-10 2011-05-31 Sandisk Il Ltd. Peripheral device locking mechanism
US9176825B2 (en) * 2008-12-31 2015-11-03 Symantec Corporation Granular application data lifecycle sourcing from a single backup
US9678965B1 (en) * 2009-06-29 2017-06-13 Veritas Technologies Llc System and method for enforcing data lifecycle policy across multiple domains
US20120210398A1 (en) * 2011-02-14 2012-08-16 Bank Of America Corporation Enhanced Backup and Retention Management
KR101385688B1 (ko) * 2012-09-12 2014-04-15 (주)나무소프트 파일 관리 장치 및 방법
US10855721B2 (en) * 2015-05-27 2020-12-01 Nec Corporation Security system, security method, and recording medium for storing program
US10409629B1 (en) * 2016-09-26 2019-09-10 EMC IP Holding Company LLC Automated host data protection configuration
US10708308B2 (en) * 2017-10-02 2020-07-07 Servicenow, Inc. Automated mitigation of electronic message based security threats
KR102034678B1 (ko) * 2018-02-09 2019-10-21 주식회사 안랩 데이터파일 접근 제어 기반의 악성 차단 시스템 및 악성 차단 방법
US11645943B2 (en) 2018-04-11 2023-05-09 Barracuda Networks, Inc. Method and apparatus for training email recipients against phishing attacks using real threats in realtime
CN110472443A (zh) * 2018-05-11 2019-11-19 威尔奇·伊沃 一种数据安全方法和带开关的本地设备

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040210796A1 (en) * 2001-11-19 2004-10-21 Kenneth Largman Computer system capable of supporting a plurality of independent computing environments
US20140068270A1 (en) * 2011-05-20 2014-03-06 Gurudatt Shenoy Systems And Methods For Device Based Secure Access Control Using Encryption
US20130263226A1 (en) * 2012-01-22 2013-10-03 Frank W. Sudia False Banking, Credit Card, and Ecommerce System
WO2017014823A2 (en) * 2015-05-04 2017-01-26 Hasan Syed Kamran Method and device for managing security in a computer network
US20170076096A1 (en) * 2015-09-15 2017-03-16 The Johns Hopkins University Apparatus and Method for Preventing Access by Malware to Locally Backed Up Data
KR20180016937A (ko) * 2016-08-08 2018-02-20 (주)나무소프트 피싱 또는 랜섬웨어 공격을 차단하는 방법 및 시스템
US20180203997A1 (en) * 2017-01-19 2018-07-19 International Business Machines Corporation Protecting backup files from malware

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Javelin Networks, Honeypots Too Easy for Hackers?, Business Wire, Black Hat Conference 2017, https://www.businesswire.com/news/home/20170724006062/. . . (Jul. 24, 2017) (Year: 2017). *
Shivam Gadhadara, Detection of Ransomware Attacks Using Its Behavior Pattern, Scholarly Research Journal for Interdisciplinary Studies, N. 49366, vol. 4/35, pp. 6734-6746, http://www.srjis.com/pages/pdfFiles/1608035168113.%20Shivam%20Gadhadara%201.pdf (2017-08) (Year: 2017). *

Also Published As

Publication number Publication date
JP2023503760A (ja) 2023-02-01
KR20210068388A (ko) 2021-06-09
KR20240104106A (ko) 2024-07-04
JP2024038306A (ja) 2024-03-19
US20240031384A1 (en) 2024-01-25
JP7489672B2 (ja) 2024-05-24
US20210336970A1 (en) 2021-10-28
WO2021107177A1 (ko) 2021-06-03
US20230132303A1 (en) 2023-04-27
US12113813B2 (en) 2024-10-08
KR20210156309A (ko) 2021-12-24
CN114080782A (zh) 2022-02-22
JP7574995B2 (ja) 2024-10-29
CN114080782B (zh) 2024-04-26
CN118300848A (zh) 2024-07-05

Similar Documents

Publication Publication Date Title
US11811790B2 (en) Anti-phishing system
EP3525127B1 (en) System for blocking phishing or ransomware attack
US8281135B2 (en) Enforcing use of chipset key management services for encrypted storage devices
KR101571641B1 (ko) 모바일 디바이스 상에 보안 가상 환경을 제공하기 위한 방법 및 장치
CN112513857A (zh) 可信执行环境中的个性化密码安全访问控制
US20100266132A1 (en) Service-based key escrow and security for device data
US20150227748A1 (en) Method and System for Securing Data
US8997185B2 (en) Encryption sentinel system and method
KR20120037406A (ko) 저장 장치의 원격 액세스 제어
US8713640B2 (en) System and method for logical separation of a server by using client virtualization
US20090158026A1 (en) Method and device for securely configuring a terminal by means of a startup data storage device
EP3438864B1 (en) Method and system for protecting a computer file against possible malware encryption
KR20200013013A (ko) 피싱 또는 랜섬웨어 공격을 차단하는 방법 및 시스템
KR102340604B1 (ko) 서버용 랜섬웨어 공격 차단 방법 및 시스템
KR102554875B1 (ko) 원격 업무 환경 제공 장치 및 방법
CN115952543A (zh) Pcie加密卡、管理应用系统、硬盘读写方法、设备及介质

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO SMALL (ORIGINAL EVENT CODE: SMAL); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

AS Assignment

Owner name: NAMUSOFT CO., LTD, KOREA, REPUBLIC OF

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:WOO, JONG HYUN;REEL/FRAME:058218/0235

Effective date: 20211126

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: NON FINAL ACTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER

STPP Information on status: patent application and granting procedure in general

Free format text: FINAL REJECTION MAILED

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE